| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1101 |
CVE-2001-0980 |
|
|
Exec Code |
2001-07-17 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page. |
|
1102 |
CVE-2001-0981 |
|
|
|
2001-08-31 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user. |
|
1103 |
CVE-2001-0982 |
|
|
Dir. Trav. |
2001-07-23 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings. |
|
1104 |
CVE-2001-0983 |
|
|
+Priv |
2001-08-31 |
2016-10-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges. |
|
1105 |
CVE-2001-0984 |
|
|
|
2001-09-13 |
2017-12-20 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g. an administrator) to read the passwords. |
|
1106 |
CVE-2001-0985 |
|
|
Exec Code |
2001-09-08 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter. |
|
1107 |
CVE-2001-0986 |
|
|
+Info |
2001-09-14 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. |
|
1108 |
CVE-2001-0987 |
|
|
XSS |
2001-07-22 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap. |
|
1109 |
CVE-2001-0988 |
|
|
+Info |
2001-07-23 |
2017-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information. |
|
1110 |
CVE-2001-0989 |
|
|
Overflow +Priv |
2001-07-23 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign. |
|
1111 |
CVE-2001-0990 |
|
|
+Info |
2001-09-04 |
2017-12-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library. |
|
1112 |
CVE-2001-0991 |
|
|
XSS |
2001-07-24 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message. |
|
1113 |
CVE-2001-0992 |
|
|
Exec Code |
2001-09-05 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter. |
|
1114 |
CVE-2001-0993 |
|
|
DoS |
2001-07-24 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length. |
|
1115 |
CVE-2001-0994 |
|
|
DoS |
2001-09-04 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device. |
|
1116 |
CVE-2001-0995 |
|
|
|
2001-08-31 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs. |
|
1117 |
CVE-2001-0996 |
|
|
|
2001-09-02 |
2017-12-19 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly. |
|
1118 |
CVE-2001-0997 |
|
|
Exec Code |
2001-09-11 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter. |
|
1119 |
CVE-2001-0998 |
|
|
DoS |
2001-09-24 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd. |
|
1120 |
CVE-2001-0999 |
|
|
|
2001-09-12 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. |
|
1121 |
CVE-2001-1000 |
|
|
|
2001-09-07 |
2017-12-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file. |
|
1122 |
CVE-2001-1002 |
|
|
Exec Code +Priv |
2001-08-31 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands. |
|
1123 |
CVE-2001-1003 |
|
|
+Priv |
2001-08-31 |
2016-10-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges. |
|
1124 |
CVE-2001-1004 |
|
|
XSS |
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. |
|
1125 |
CVE-2001-1005 |
|
|
+Priv |
2001-08-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges. |
|
1126 |
CVE-2001-1006 |
|
|
|
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application. |
|
1127 |
CVE-2001-1007 |
|
|
|
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack. |
|
1128 |
CVE-2001-1008 |
|
|
|
2001-08-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate. |
|
1129 |
CVE-2001-1009 |
264 |
|
+Priv |
2001-08-31 |
2011-02-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request. |
|
1130 |
CVE-2001-1010 |
|
|
Dir. Trav. |
2001-07-22 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter. |
|
1131 |
CVE-2001-1011 |
|
|
+Priv |
2001-07-25 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters. |
|
1132 |
CVE-2001-1012 |
|
|
+Priv |
2001-09-05 |
2017-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/. |
|
1133 |
CVE-2001-1013 |
|
|
|
2001-09-12 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server. |
|
1134 |
CVE-2001-1014 |
|
|
Exec Code |
2001-09-15 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter. |
|
1135 |
CVE-2001-1015 |
|
|
Overflow +Priv |
2001-10-16 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument. |
|
1136 |
CVE-2001-1016 |
|
|
|
2001-09-04 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability." |
|
1137 |
CVE-2001-1017 |
|
|
+Priv |
2001-09-04 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords. |
|
1138 |
CVE-2001-1018 |
|
|
|
2001-09-20 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters. |
|
1139 |
CVE-2001-1019 |
|
|
Dir. Trav. |
2001-09-08 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter. |
|
1140 |
CVE-2001-1020 |
|
|
Exec Code |
2001-09-05 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function. |
|
1141 |
CVE-2001-1021 |
|
|
Exec Code Overflow |
2001-07-26 |
2019-08-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. |
|
1142 |
CVE-2001-1022 |
|
|
Exec Code Bypass |
2001-07-26 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command. |
|
1143 |
CVE-2001-1023 |
|
|
|
2001-09-21 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header. |
|
1144 |
CVE-2001-1024 |
|
|
Exec Code |
2001-07-27 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument. |
|
1145 |
CVE-2001-1025 |
|
|
|
2001-08-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php. |
|
1146 |
CVE-2001-1026 |
|
|
|
2001-07-09 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address. |
|
1147 |
CVE-2001-1027 |
|
|
Exec Code Overflow |
2001-08-31 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title. |
|
1148 |
CVE-2001-1028 |
|
|
Overflow +Priv |
2001-05-28 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges. |
|
1149 |
CVE-2001-1029 |
|
|
Bypass |
2001-09-20 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. |
|
1150 |
CVE-2001-1030 |
|
|
Bypass |
2001-07-18 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. |
